فا

‫ Cisco Multiple Products Authentication Bypass Vulnerability

ID: IRCAD2015033816
Release Date: 2015-03-12
Criticality level: Highly critical
Software:
Cisco Expressway Series
Cisco TelePresence Conductor
Cisco TelePresence Video Communication Server (VCS)
Description:
A vulnerability has been reported in multiple Cisco products, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to the application not properly validating certain unspecified parameters during log in process, which can be exploited to bypass authentication mechanism.
Successful exploitation requires knowledge of a valid username and a HTTPS connection.
The vulnerabilities are reported in the following products and versions:
* Cisco TelePresence Video Communication Server (VCS) versions prior to X7.2.4, prior to X8.1.2, prior to X8.2.2, and prior to X8.5.
* Cisco Expressway Series versions prior to X7.2.4, prior to X8.1.2, prior to X8.2.2, and prior to X8.5.
* Cisco TelePresence Conductor versions prior to X2.3.1, prior to XC2.4.1, and prior to XC3.0.
Solution
Update to a fixed version.
References:
Cisco (CSCur02680, CSCur05556):
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 فروردین 1394

امتیاز

امتیاز شما
تعداد امتیازها:0